Clients often want to know the progress during testing, and sometimes IT/SOC staff want to know if a recent change in a configuration or activity is related to our testing (vs. a possible unauthorized attacker). Because of this, during testing, we relay information in the following ways:

  • Secure communications and file transfer avenues to ensure your information remains protected
  • Access to a live “blog” of sorts, which contains the following:
    • security engineers’ real-time, unedited, unfiltered notes about where they currently are in the testing process
    • what has already been tested/attacked
    • exploits used
    • any changes/modifications to your network as part of the testing.
    • See example here: https://penconsultants.com/home/live-notes-and-timeline/
  • Immediate notification if an imminent risk or compromise is identified
  • 24-7 support – name, phone number, and email address of all security engineers performing tests

Categories:


© PEN Consultants, LLC 2013 -